
Firewall: configuring a server firewall

Denis Pochtarenko
February 10, 2020

Configuring a virtual server firewall in the control panel.

What is this?

You can use a firewall to manage server access and network data packets directly from the control panel. This option is included in the server cost and is not billed separately.

Currently, the limit is 50 rules; if you need more, please submit a request to technical support.

Network architecture

To avoid firewall rule conflicts and configure a firewall correctly, you need to understand the order in which the available firewalls operate. First, you can configure a firewall for a private network. Second, you can configure a firewall for a server via the control panel. Third, you can configure an internal firewall via iptables in Linux or use the Windows built-in firewall.

Incoming packets first reach the network-level firewall (if one exists). If packets pass it, the server-level firewall comes into play, and finally the internal software firewall is applied. For outgoing packets, the reverse sequence applies.

Avoid using a server-level firewall and an internal software firewall simultaneously.


Rule creation

To configure a firewall for any VPS, go to the Firewall section in the server settings.

Important notice:

— Rule order is essential: the lower a rule's sequence number, the higher its priority. You can reorder rules by dragging and dropping them in the list.
— By default, all incoming and outgoing data packets are allowed.

To create a rule, click Add:


The Add Rule window will open. Fill in the following fields:

  • Name: a meaningful (mnemonic) name (max. 50 characters) usually describing the rule purpose;
  • Direction: direction of packets governed by the rule; can be either Incoming or Outgoing. Incoming means that the rule is applied to incoming data packets, and Outgoing means that it is applied to outgoing data packets;
  • Source/Destination: depending on the direction, contains either the server IP address or one of the following values: IP address, CIDR, IP address range, or Any;
  • SourcePort/DestinationPort: when TCP, UDP, or TCP and UDP is selected, you may specify a port, port range, or Any;
  • Action: action to be performed; it can be either Allow or Deny. Allow permits data packet transmission, while Deny prohibits it;
  • Protocol: protocol type (ANY, TCP, UDP, TCP and UDP, and ICMP).

To create a rule, click Save.

In our example, the rule blocks all packets coming to a server:


To apply the rule, click Save. You can create several rules and save them all at once:


The page will then look as follows:


Rule priority

The lower a rule's sequence number, the higher its priority. For example, suppose you create a rule to deny all incoming traffic and then create a rule to allow incoming TCP packets on port 80. After you save the configuration changes, this port will remain inaccessible, since the denying rule has higher priority than the allowing one.


To change rule priority, drag the allowing rule to the first place and save changes:


After saving, the rules' sequence numbers change, and with them their priorities:


In this configuration, the firewall will allow TCP packets on port 80 and block all other incoming packets.
